FTC’s Action Against LabMD Dismissed Due to Inadequate Evidence of Harm; FTC Appeals

A recent ALJ Initial Decision may prove significant in data breach litigation and provide further aid to companies battling class actions with claims of future injury through identity theft.  On November 13, 2015, the administrative law judge hearing the FTC’s action against medical testing laboratory LabMD dismissed the FTC’s case in its entirety.  See In re LabMD, Inc., F.T.C. ALJ, No. 9357 (Nov. 13, 2015). The action had its genesis in an investigation of LabMD’s security practices.  The investigation began after a report that information from LabMD may have been disclosed on a file-sharing website.  The FTC asserted that LabMD had failed to properly protect sensitive data and that information gleaned from its records was being used for identity theft purposes.


Employee of Pharmaceutical Manufacturer Criminally Charged with Wrongful Disclosure of Patient Information for Marketing Purpose

On October 16, the United States Attorney’s Office for the District of Massachusetts filed a criminal information against a former Warner Chilcott district manager alleging that he had obtained and used patient protected health information (PHI) in violation of the criminal provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The information alleges that this criminal violation occurred in connection with a scheme to promote Warner Chilcott’s osteoporosis drug Atelvia. The charge against former employee Landon Eckles is significant because it appears to be the first time a criminal prosecution under HIPAA has been brought against an employee of a pharmaceutical manufacturer for an alleged HIPAA privacy violation. Eckles pleaded guilty to the charges on November 12.


The Opportunities and the Challenges of Big Data for Business and Public Policy*

*Based on Remarks at the Big Data East Big Data Innovation Conference, September 9, 2015

I believe in the enormous potential of big data. Erik Brynolfsson and Andrew McAfee, authors of The New Machine Age and leading scholars of the digital economy, have compared the power and granularity of computational science to the transformation in understanding of nature that occurred when Anton Van Leuwenhook first peered at samples through his newly-invented microscope. We are seeing new advances in medicine, in social science, new ways of teasing out causation from correlation.


Trans-Pacific Partnership Agreement Touches Global Electronic Commerce

Last week, the New Zealand Ministry of Foreign Affairs & Trade has made public the text of the Trans-Pacific Partnership (TPP) Agreement. While the text of the TPP has been negotiated over the past seven years, several provisions relating to electronic commerce are remarkably timely and address key considerations for companies doing business abroad. Highlighted below are key initial takeaways from Article 14 of the TPP, on “Electronic Commerce:”


New York Department of Financial Services Considers New Cybersecurity Regulations and Seeks to Promote Federal-State Regulatory Convergence – Would Go Well Beyond Protecting Customer Information

In a November 9, 2015 letter to members of the Financial and Banking Information Infrastructure Committee (“FBIIC”), the Acting Superintendent of the New York Department of Financial Services (“NY DFS”) outlined key elements of potential new regulations by the NY DFS addressing cybersecurity risk (“Cybersecurity Proposal”) and encouraged FBIIC members to work with the NY DFS in developing a comprehensive cybersecurity framework for all regulated financial institutions. The NY DFS regulates entities and products that are subject to New York insurance, banking and financial services laws. The FBIIC is composed of state and federal agencies that regulate companies and products in the financial services sector, including the U.S. Securities and Exchange Commission (“SEC”), the Office of the Comptroller of the Currency (“OCC”) and the National Association of Insurance Commissioners (“NAIC”). The stated goal of the NY DFS is to stimulate dialogue among federal and state financial regulators to promote collaboration and, ultimately, regulatory convergence.


FCC Enforcement Bureau Issues First Privacy Enforcement Order Against a Cable Operator

On November 5, 2015, the Federal Communications Commission (“FCC” or “Commission”) issued its first ever privacy or data security enforcement order against a cable provider, Cox Communications, Inc. (“Cox”). The order adopted a consent decree entered into with the company, fining the company $595,000 for the breach. The order sets out that in August 2014, a hacker used social engineering tactics, or “pretexting,” to impersonate someone from Cox’s information technology department in a phishing scheme to successfully convince a Cox contractor to enter an account ID and password into a fake website which the hackers controlled. Without multi-factor authentication in place for the targeted systems, the hacker and an accomplice were able to use those captured credentials to obtain the personal information and /or Customer Proprietary Network Information (“CPNI”) of 54 current and seven former customers. Cox notified the FBI of the breach, but did not notify the FCC through the Commission’s breach-reporting portal.


Senate Passes Cybersecurity Legislation, Differences to be Worked Out with House Bills

On October 27, 2015, the Senate passed S. 754, the Cybersecurity Information Sharing Act (“CISA”), with bi-partisan support. Although some raised privacy concerns, CISA received backing from the Administration and support from many industry participants. The Senate bill must be reconciled with similar bills in the House (H.R. 1560 and H.R. 1731) before a conference version is produced. This process may be contentious as privacy advocates seek to strengthen protections for personal information, and Senator Richard Burr, Chairman of the Senate Intelligence Committee and co-sponsor of CISA, indicated that the conferencing process is unlikely to produce a resolution before January 2016.


European Parliament Adopts Surveillance Resolution Aimed at Mass Surveillance and Prompting Progress on Safe Harbor 2.0

On October 29, 2015, the European Parliament adopted a resolution on the electronic mass surveillance of EU citizens (the “Resolution”). Positioned as a follow-up to its resolution of 12 March 2014 in which the Parliament called for the immediate suspension of Safe Harbor and put forward a number of recommendations to limit access to personal data of European citizens as part of mass surveillance, the Resolution calls on the European Commission to “reflect immediately on alternatives to Safe Harbor and on the impact of the judgment [from the Court of Justice of the European Union in the Schrems case] on any other instruments for the transfer of personal data to the U.S.” It also calls for the European Commission to “report on the matter by the end of 2015.” In addition, the European Parliament demanded that the Commission urgently provide an update on the ongoing negotiations between US authorities and the Commission.


Upcoming Events



Meet the Team

<a target=‘_blank’ href="">Kwaku A. Akowuah</a>

Kwaku A. Akowuah

Washington, D.C.
<a target=‘_blank’ href="">Sheila A.G. Armbrust</a>

Sheila A.G. Armbrust

San Francisco
<a target=‘_blank’ href="">Francesca Blythe</a>

Francesca Blythe

<a target=‘_blank’ href="">Colleen Theresa Brown</a>

Colleen Theresa Brown

Washington, D.C.
<a target=‘_blank’ href="">John M. Casanova</a>

John M. Casanova

<a target=‘_blank’ href="">Thomas D. Cunningham</a>

Thomas D. Cunningham

<a target=‘_blank’ href="">Tomoki Ishiara</a>

Tomoki Ishiara

<a target=‘_blank’ href="">Amy P. Lally</a>

Amy P. Lally

Century City
<a target=‘_blank’ href="">David C. Lashway</a>

David C. Lashway

Washington, D.C.
<a target=‘_blank’ href="">William RM Long</a>

William RM Long

<a target=‘_blank’ href="">Joan M. Loughnane</a>

Joan M. Loughnane

New York
<a target=‘_blank’ href="">Geeta Malhotra</a>

Geeta Malhotra

<a target=‘_blank’ href="">Alan Charles Raul</a>

Alan Charles Raul

Washington, D.C., New York
<a target=‘_blank’ href="">Sean Royall</a>

Sean Royall

Dallas, Washington, D.C.
<a target=‘_blank’ href="">Jennifer B. Seale</a>

Jennifer B. Seale

Washington, D.C.
<a target=‘_blank’ href="">Yuet Ming Tham</a>

Yuet Ming Tham

Singapore, Hong Kong
<a target=‘_blank’ href="">John K. Van De Weert</a>

John K. Van De Weert

Washington, D.C.
<a target=‘_blank’ href="">Jonathan M. Wilan</a>

Jonathan M. Wilan

Washington, D.C.
<a target=‘_blank’ href="">John W. Woods Jr.</a>

John W. Woods Jr.

Washington, D.C.


To receive email alerts when we post a blog entry, please provide your name and email address.